Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

MetaSlider — Vulnerabilities & Security Advisories 5

Browse all 5 CVE security advisories affecting MetaSlider. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Metaslider is a WordPress plugin for creating image sliders and carousels. Historically, it has been vulnerable to multiple security issues including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation vulnerabilities. These flaws often stem from insufficient input validation and improper permission checks. The plugin has accumulated five CVEs to date, with some allowing unauthenticated attackers to execute arbitrary code or steal sensitive data. While no major public incidents have been widely documented, the consistent pattern of vulnerabilities suggests potential risks for unpatched installations, particularly those running outdated versions where these issues remain unaddressed.

Top products by MetaSlider: Responsive Slider by MetaSlider Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider
CVE IDTitleCVSSSeverityPublished
CVE-2026-39467 WordPress Responsive Slider by MetaSlider plugin <= 3.106.0 - PHP Object Injection vulnerability — Responsive Slider by MetaSliderCWE-502 7.2 High2026-04-21
CVE-2025-5337 Slider, Gallery, and Carousel by MetaSlider <= 3.98.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via aria-label Parameter — Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video SliderCWE-79 6.4 Medium2025-06-14
CVE-2025-26763 WordPress Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider Plugin <= 3.94.0 - PHP Object Injection vulnerability — Responsive Slider by MetaSliderCWE-502 9.8 Critical2025-02-22
CVE-2025-24533 WordPress MetaSlider plugin <= 3.92.0 - Cross Site Request Forgery (CSRF) vulnerability — Responsive Slider by MetaSliderCWE-352 5.4 Medium2025-01-27
CVE-2024-3285 Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows <= 3.70.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via metaslider Shortcode — Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video SliderCWE-79 6.4 Medium2024-04-11

This page lists every published CVE security advisory associated with MetaSlider. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.